
msm1267 writes Dark corners of the Internet harbor trouble. They're supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors? That's the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some targeted attacks. Hackers are thriving in this arena because they have found an unwittingly complicit partner in the sundry ad networks to move malicious ads through legitimate processes. Adding gasoline to the raging fire is the abuse of real-time ad bidding, a revolution in the way online ads are sold. RTB enables better ad targeting for advertisers and less unsold inventory for publishers. Hackers can also hitch a ride with RTB and target malicious ads on any site they wish, much the way a legitimate advertiser would use the same system.

alphadogg writes "Website password strength meters often tell you only what you want to hear rather than what you need to hear. That's the finding from researchers at Concordia University in Montreal, who examined the usefulness of those ubiquitous red-yellow-green password strength testers on websites run by big names such as Google, Yahoo, Twitter and Microsoft/Skype. The researchers used algorithms to send millions of 'not-so-good' passwords through these meters, as well as through the meters of password management services such as LastPass and 1Password, and were largely underwhelmed by what they termed wildly inconsistent results."
Inconsistent can go both directions: I've seen password-strength meters that balked at absolutely everything (accepting weak passwords as good, after calling wildly long and random ones poor).

itwbennett writes: The vulnerability known as CVE-2011-2461 was unusual because fixing it didn't just require the Adobe Flex Software Development Kit (SDK) to be updated, but also patching all the individual Flash applications (SWF files) that had been created with vulnerable versions of the SDK. The company released a tool that allowed developers to easily fix existing SWF files, but many of them didn't. Last year, Web application security engineers Luca Carettoni from LinkedIn and Mauro Gentile from Minded Security came across the old flaw while investigating Flash-based techniques for bypassing the Same-Origin Policy (SOP) mechanism found in browsers. They found SWF files that were still vulnerable on Google, Yahoo, Salesforce, Adobe, Yandex, Qiwi and many other sites. After notifying the affected websites, they presented their findings last week at the Troopers 2015 security conference in Germany.

CryoKeen writes It's interesting how different news sites spin #marsgate. From Yahoo News: "The private colonization project Mars One has pushed its planned launch of the first humans toward the Red Planet back by two years, to 2026. The delay was necessitated by a lack of investment funding, which has slowed work on a robotic precursor mission that Mars One had wanted to send toward the Red Planet in 2018, Mars One CEO Bas Lansdorp said in a new video posted today... 'We had a very successful investment round in 2013 that has financed all the things that we have done up to now. And we have actually come to an agreement with a consortium of investors late last year for a much bigger round of investments. Unfortunately, the paperwork of that deal is taking much longer than we expected,' Lansdorp said in the video." This Astrowatch article is a lot more scathing and to the point: "Mars One, the Dutch company planning to send people on a one-way trip to Mars, that recently selected a group of 100 hopefuls, struggles with criticism. In a Medium story this week, Mars One finalist Joseph Roche presented multiple reasons as to why he believed the entire operation is a complete scam. In response, the company published a video Thursday in which Bas Lansdorp, CEO and Co-founder of Mars One, replies to recent criticism concerning the feasibility of Mars One's human trip to Mars. He also revealed that the mission will be delayed for two years. Roche said that the 'only way' to get selected for the next round of the Mars One candidacy process was to donate money. 'My nightmare about it is that people continue to support it and give it money and attention, and it then gets to the point where it inevitably falls on its face,' Roche told Elmo Keep for Medium."

An anonymous reader writes To nobody's surprise, the Japanese press reports that a new way to look at the inside of one of the Fukushima 1 damaged reactors has shown the fuel is not in place. Engineers have not been able to develop a machine to directly see the exact location of the molten fuel, hampered by extremely high levels of radiation in and around the reactors, but a new scan technique using muons (details on the method in the media are missing) has shown the fuel is not in its place. While Tepco's speculation is that the fuel may be at the bottom of the reactor, it is a safe bet that at least some of it has burned through and has gone on to create an Uruguay syndrome.

HughPickens.com writes: The Globe and Mail reports that Edward Snowden's Russian lawyer, Anatoly Kucherena, says the fugitive former U.S. spy agency contractor is working with American and German lawyers to return home. "I won't keep it secret that he wants to return back home. And we are doing everything possible now to solve this issue. There is a group of U.S. lawyers, there is also a group of German lawyers and I'm dealing with it on the Russian side." Kucherena added that Snowden is ready to return to the States, but on the condition that he is given a guarantee of a legal and impartial trial. The lawyer said Snowden had so far only received a guarantee from the U.S. Attorney General that he will not face the death penalty. Kucherena says Snowden is able to travel outside Russia since he has a three-year Russian residency permit, but "I suspect that as soon as he leaves Russia, he will be taken to the U.S. embassy."

An anonymous reader writes For the 20th anniversary of Yahoo, Marissa Mayer discusses how she's trying to reinvent the company. In a wide-ranging interview, Mayer shares her vision for fixing the company's past mistakes, including a major investment in mobile and a new ad platform. Yet she's been dogged by critics who see her as an imperious micromanager, who criticize her $1.1 billion purchase of Tumblr, and who fault her for moving too slowly. The company's executives explain that the business could only return to health after she first halted Yahoo's brain drain and went big on mobile. As one Yahoo employee summarized Mayer's thinking: "First people, then apps."

An anonymous reader writes with news about the effort to unionize shuttle drivers in Silicon Valley. "Shuttle bus drivers for five prominent tech companies will decide whether to unionize on Friday in a vote that has the potential to dramatically expand organized labor's territory in Silicon Valley and embolden others in the tech industry's burgeoning class of service workers to demand better working conditions. Drivers who ferry Yahoo, Apple, Genentech, eBay and Zynga workers -- all employed by contractor Compass Transportation -- will decide whether to join the Teamsters union in an election overseen by the National Labor Relations Board. Union leaders say they want to bring the drivers into the fold so they can negotiate better pay and benefits -- as well as relief from a split shift that has the drivers working morning and evening shifts with no pay in between. A contract the Teamsters struck over the weekend for Facebook's shuttle bus drivers, who work for Loop Transportation, offers a glimpse of what may be possible: paid sick and vacation time, full health care coverage and wages of up to $27.50 an hour."

sarahnaomi writes: The NSA, GCHQ, and their allies in the Five Eyes are not the only government agencies using malware for surveillance. French intelligence is almost certainly hacking its targets too — and now security researchers believe they have proof. On Wednesday, the researchers will reveal new details about a powerful piece of malware known as "Babar," which is capable of eavesdropping on online conversations held via Skype, MSN and Yahoo messenger, as well as logging keystrokes and monitoring which websites an infected user has visited. The researchers are publishing two separate but complementary reports that analyze samples of the malware, and all but confirm that France's spying agency the General Directorate for External Security (DGSE) was responsible for its creation.

An anonymous reader writes: Face recognition software underwent a revolution in 2001 with the creation of the Viola-Jones algorithm. Now, the field looks set to dramatically improve once again: computer scientists from Stanford and Yahoo Labs have published a new, simple approach that can find faces turned at an angle and those that are partially blocked by something else. The researchers "capitalize on the advances made in recent years on a type of machine learning known as a deep convolutional neural network. The idea is to train a many-layered neural network using a vast database of annotated examples, in this case pictures of faces from many angles. To that end, Farfade and co created a database of 200,000 images that included faces at various angles and orientations and a further 20 million images without faces. They then trained their neural net in batches of 128 images over 50,000 iterations. ... What's more, their algorithm is significantly better at spotting faces when upside down, something other approaches haven't perfected."

An anonymous reader writes Facebook today launched ThreatExchange, described as "an API-based clearinghouse for security threat information." It's really a social platform, which Facebook naturally excels at building, which allows companies to share with each other details about malware and phishing attacks. Pinterest, Tumblr, Twitter, and Yahoo participated in ThreatExchange and gave feedback as Facebook was developing it. New contributors Bitly and Dropbox have also recently joined, bringing the initial participant list to seven major tech companies.

First time accepted submitter OutOnARock writes Yahoo Finance is reporting on the latest Bitcoin scam, this time from Hong Kong. "Investors in a Hong Kong-based Bitcoin trading company fear they have fallen victim to a scam after it closed down, a lawmaker said Monday, adding losses could total HK$3 billion ($387 million). Leung Yiu-chung said his office recently received reports from dozens of investors in Hong Kong who paid a total of HK$40 million ($5.16 million) into the scheme run online by MyCoin, but the total loss may be vastly more. 'The number of cases is increasing. These two days I received calls about more than 30 cases. We estimate more than 3,000 people and HK$3 billion are involved,' he told AFP."

KentuckyFC (1144503) writes "Beauty is in the eye of the beholder. But what if the beholder is a machine? Scientists from Yahoo Labs in Barcelona have trained a machine learning algorithm to pick out beautiful photographic portraits from a collection of not-so-beautiful ones. They began with a set of 10,000 portraits that have been rated by humans and then allowed the algorithm to "learn" the difference by taking into account personal factors such as the age, sex and race of the subject as well as technical factors such as the sharpness of the image, the exposure and the contrast between the face and the background and so on. The trained algorithm was then able to reliably pick out the most beautiful portraits. Curiously, the algorithm does this by ignoring personal details such as age, sex, race, eye colour and so on and instead focuses only on technical details such as sharpness, exposure and contrast. The team say this suggests that any subject can be part of a stunning portrait regardless of their looks. It also suggests that "perfect portrait" algorithms could be built in to the next generation of cameras, rather like the smile-capturing algorithms of today."

hackingbear writes China's State Administration of Industry and Commerce on Wednesday issued a scathing report against one of the country's biggest stars, accusing e-commerce giant Alibaba of failing to do enough to prevent fake goods from being sold on its websites. SAIC said Alibaba allowed "illegal advertising" that misled consumers with false claims about low prices and other details. It claims some Alibaba employees took bribes and the company failed to deal effectively with fraud. Alibaba fired back with charges of bias and misconduct by accusing the SAIC official in charge of Internet monitoring, Liu Hongliang, of unspecified "procedural misconduct" and warned it will file a formal complaint. Such public defiance is almost unheard of in China. Apparently, Alibaba has long attained the too big to fail status.

samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."

theodp writes Some of the world's leading Data Scientists are on the payrolls of Microsoft, Google, Facebook, Yahoo, and Apple. So, it'd be interesting to get their take on the infographics the tech giants have passed off as diversity data disclosures. Microsoft, for example, reported its workforce is 29% female, which isn't great, but if one takes the trouble to run the numbers on a linked EEO-1 filing snippet (PDF), some things look even worse. For example, only 23.35% of its reported white U.S. employee workforce is female (Microsoft, like Google, footnotes that "Gender data are global, ethnicity data are US only"). And while Google and Facebook blame their companies' lack of diversity on the demographics of U.S. computer science grads, CS grad and nationality breakouts were not provided as part of their diversity disclosures. Also, the EEOC notes that EEO-1 numbers reflect "any individual on the payroll of an employer who is an employee for purposes of the employers withholding of Social Security taxes," further muddying the disclosures of companies relying on imported talent, like H-1B visa dependent Facebook. So, were the diversity disclosure mea culpas less about providing meaningful data for analysis, and more about deflecting criticism and convincing lawmakers there's a need for education and immigration legislation (aka Microsoft's National Talent Strategy) that's in tech's interest?